Mobile phone users typically receive applications or “apps” via online stores, but operating systems restrict access by these apps to certain application programming interfaces (APIs), such as the ability to interact with native apps, or hardware features, such as a secure subsystem holding confidential user information or including authentication devices, such as a retina scanner or fingerprint reader. Device makers include native applications that they develop for a specific platform, and they give these native applications access to restricted hardware and software APIs because these native applications are trustworthy.